Introduction to Cyber Security Principles
The principles or the steps to cybersecurity are for enterprises and businesses that are looking to protect themselves from the attacks in cyberspace. It’s a 10 steps guidance which was originally produced by NCSC (National Cyber Security Center). So, any business or anyone who is looking at how to effectively achieve cybersecurity should consider these 10 steps guide developed by NCSC. In this topic, we are going to learn about Cyber Security Principles.
It was originally published in the year 2012 and now is being used by the majority of organizations coming under FTSE 350.
Principles of Cyber Security
Let us see, what are those 10 steps set of principles:
1. Risk Management Regime
A risk management regime should be set up which mainly consists of applicable policies and practices that must be established, streamlined and should effectively be communicated to all the employees, contractors and suppliers to assure that everyone is aware of the approach, e.g., how decisions are made, about risk boundaries, etc.
The risk management regime should be supported by governance structure which should be strong enough and should constitute a board of members and senior members with expertise in a given area.
2. Secure Configuration
Establish policies that would secure the organization’s security perimeter, a secure baseline and processes should be developed for ensuring configuration management. One must also disable or remove unnecessary functionality from the system which always lies at the high end of security breaching. All the software and systems should be regularly patched to fix loopholes that lead to a security breach. Failing to any of the mentioned strategies might lead to an increased risk of compromise of systems and information.
3. Network Security
connecting to an unsecured network, for an instance – HTTP, over the internet, poses a big risk of getting your systems to be attacked or infected by bugs that lie at the other end. So policies and appropriate architectural and technical responses must be established which will serve as a baseline for networking. It will ensure the inbound and outbound networking rules that must be implemented to secure your network perimeter. E.g., the inbound connections (outside to inside) should first face the network firewall and should be filtered for threats and then finally should be passed to the destination system. By implementing these policies, any organization can reduce the chances of becoming a victim of cyber-attack. Furthermore, SIEM (security information and event management) solution should further be implemented; SOC centers should be established to use the technologies to effectively monitor your network.
4. Managing User Privileges
All the users should be provided with reasonable (and minimal) access privileges that would allow them to just go fine with their work. If users are granted more access than they need, it will be misuse and a much bigger risk to information security. Also, the granting of highly elevated privileges should be very carefully controlled and managed.
5. User Education and Awareness
End users and organization’s people play a vital role in keeping an organization safe and secure. If end-users are not aware of the policies, risk management regime that has been set and defined by the organization, these policies will fail its purpose. End-users must be provided with security awareness training and regular training should be conducted to ensure the users are aware of the organization’s policies and threats that may lead to security breaches. On the other hand, the cybersecurity professionals of the organization should be highly trained and should be ready to combat mode at any point in time if any breaches happen.
6. Incident Management
A SIEM solution will always create security-related incidents to you. An organization should establish effective incident management policies to support the business and ensure security throughout the organization and at all the endpoints, endpoints at rest (Like desktop) as well as endpoints in motion (Like laptops, Mobile Phones, etc.).
7. Malware Prevention
It requires the establishment of policies that directly address the business processes that are at the forefront of getting infected by malware such as email, web, personal devices, USB. E.g., a policy should be established which will restrict USB access to computers, similarly, other policy may restrict outbound internet request, etc., all depending upon situations and needs. Separate expertise solutions should be implemented to protect each forefront from malware such as email threat protection for emails, network analyzer like IDS, IPS and firewalls for networking and any web requests, managing profiles to monitor organization data at the end user’s mobile, etc. The endpoints should be very effectively protected by implementing anti-virus solutions that can detect, prevent and remediate malware from endpoints.
A monitoring strategy and solution should be created in order with the help of which an organization will have complete visibility of the security posture. It is also be used to create another layer of security when security breaches are passed by our detection and prevention system but the monitoring solution detects it and creates a security incident. E.g. you endpoint solution was able to detect the malware but it was unable to block or delete that malware, in that case, the monitoring solution will create a security incident. The solution will monitor all the inbound and outbound traffic and will integrate with logs from the firewall, endpoints, NIPS, NIDS, HIPS, HIDS, and other solutions.
9. Removable Media Controls
Every organization must define its removable media policies and should restrict the use of removable media as much as possible. If there are cases where their use is unavoidable, the policy should limit the types of media that can be used and the types of information that can be shared.
10. Home and Mobile Networking
When users are at home or mobile, they are no longer connecting to the company’s LAN or WAN. This poses a network risk where organizations do not have control over the internet. So risk-based policies that support mobile and home working should be established. The company can also choose to manage the user’s profile on mobile and have control of their data that is stored on mobile or Home computer.
In this article, we have discussed the principles and steps that will lead an organization to robust threat defense architecture but at the end of the day, it is all about user’s awareness to prevent any security breaches to happen.
This is a guide to Cyber Security Principles. Here we discuss the basic concept with 10 steps set of Principles of Cyber Security in concise way. You may also have a look at the following articles to learn more –